USN-8184-1 linux-realtime, linux-realtime-6.8 vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

USN-8028-5: Linux kernel vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

Vulnerability of the dev_pm_skip_resume() function in the drivers/base/power/main.c module – a driver for kernel-based PCI devices in the Linux operating system, which allows a hacker to trigger a service failure.

Vulnerability of the devpmskipresume function in the drivers/base/power/main.c module – The Linux kernel’s bus device support driver is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2024-35809

In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal A race condition between the .runtimeidle callback and the .remove callback in the rtsxpcr PCI driver leads to a kernel crash due to an unhandled page fault 1. The proble...